FEDORA-2018-04f6056c42

security update in Fedora 27 for php

Status: stable a year ago

PHP version 7.1.17 (26 Apr 2018)

Date:

  • Fixed bug #76131 (mismatch arginfo for date_create). (carusogabriel)

Exif:

  • Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (Stas)

FPM:

  • Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list too long). (Jacob Hipps)
  • Fixed incorrect write to getenv result in FPM reload. (Jakub Zelenka)

GD:

  • Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible). (cmb)

iconv:

  • Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (Stas)

intl:

  • Fixed bug #76153 (Intl compilation fails with icu4c 61.1). (Anatol)

ldap:

  • Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)

mbstring:

  • Fixed bug #75944 (Wrong cp1251 detection). (dmk001)
  • Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1). (chrullrich, cmb)

Phar:

  • Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)

phpdbg:

  • Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite). (Laruence)

SPL:

  • Fixed bug #76131 (mismatch arginfo for splarray constructor). (carusogabriel)

standard:

  • Fixed bug #75996 (incorrect url in header for mt_rand). (tatarbj)

Comments 8

This update has been submitted for testing by remi.

a year ago

This update has been pushed to testing.

a year ago
filiperosset a year ago

no regressions noted

karma: +1

remi edited this update.

a year ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for batched by remi.

a year ago

This update has been submitted for stable by remi.

a year ago

This update has been pushed to stable.

a year ago

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+1
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted a year ago
in testing a year ago
in stable a year ago
modified a year ago

Related Bugs 5
00 #1573797 CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data
00 #1573802 CVE-2018-10546 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service
00 #1573805 CVE-2018-10548 php: Null pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker
00 #1573814 CVE-2018-10547 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages
00 #1573816 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 php: various flaws [fedora-all]

Automated Test Results

Copyright © 2007-2019 Red Hat, Inc. and others.

Running bodhi-4.1.0 on bodhi-web-91-cdvdt.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Legal | Privacy policy